如何从一个 C# 的 dump 中挖到机器相关的信息?
生活随笔
收集整理的這篇文章主要介紹了
如何从一个 C# 的 dump 中挖到机器相关的信息?
小編覺得挺不錯的,現(xiàn)在分享給大家,幫大家做個參考.
前段時間有位朋友問我,如何從 dump 中提取出哪些和機(jī)器相關(guān)的信息?比如:機(jī)器內(nèi)存大小,cpu核數(shù),機(jī)器名,機(jī)器的環(huán)境變量 等等。
那如何提取到里面的信息呢?當(dāng)然我也沒說全部可以提取的到。。。這里就拿自己的機(jī)器舉例吧:
1. 如何提取 cpu 核數(shù)
windbg 中有一個 !cpuid 命令,可以提取出cpu的相關(guān)信息。
0:006>?!cpuid CP??F/M/S??Manufacturer?????MHz0??6,5,2??GenuineIntel????25921??6,5,2??GenuineIntel????25922??6,5,2??GenuineIntel????25923??6,5,2??GenuineIntel????25924??6,5,2??GenuineIntel????25925??6,5,2??GenuineIntel????25926??6,5,2??GenuineIntel????25927??6,5,2??GenuineIntel????25928??6,5,2??GenuineIntel????25929??6,5,2??GenuineIntel????2592 10??6,5,2??GenuineIntel????2592 11??6,5,2??GenuineIntel????2592可以看出,當(dāng)前cpu為12核,廠家為intel,兆赫=2592。
2. 如何提取機(jī)器名
windbg中有一個命令叫 !envvar ,可用于獲取指定的環(huán)境變量,比如這里的 COMPUTERNAME 啦。
0:006>?!envvar?COMPUTERNAMECOMPUTERNAME?=?SD-20210607OIBM3. 如何提取機(jī)器環(huán)境變量
從上面的 !envvar 用法中你應(yīng)該能感觸到,既然能提取環(huán)境變量,那能不能獲取到所有的環(huán)境變量呢?當(dāng)然可以了哈。用 !peb,也就是 Process Environment Block。
0:006>?!peb PEB?at?002af000InheritedAddressSpace:????NoReadImageFileExecOptions:?NoBeingDebugged:????????????YesImageBaseAddress:?????????00400000NtGlobalFlag:?????????????4070NtGlobalFlag2:????????????0Ldr???????????????????????77975d80Ldr.Initialized:??????????YesLdr.InInitializationOrderModuleList:?006e4f68?.?0075e630Ldr.InLoadOrderModuleList:???????????006e5060?.?0075bae8Ldr.InMemoryOrderModuleList:?????????006e5068?.?0075baf0Base?TimeStamp?????????????????????Module400000?D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe77850000?5f641e44?Sep?18?10:41:08?2020?C:\Windows\SYSTEM32\ntdll.dll7c570000?C:\Windows\SYSTEM32\MSCOREE.DLL75ac0000?C:\Windows\System32\KERNEL32.dll76900000?197b16c5?Jul?20?05:12:37?1983?C:\Windows\System32\KERNELBASE.dll76880000?C:\Windows\System32\ADVAPI32.dll75740000?7f567a50?Sep?12?21:10:40?2037?C:\Windows\System32\msvcrt.dll76170000?56a91365?Jan?28?02:58:45?2016?C:\Windows\System32\sechost.dll76c20000?C:\Windows\System32\RPCRT4.dll7c5d0000?5e7d1df2?Mar?27?05:26:10?2020?C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll758a0000?C:\Windows\System32\SHLWAPI.dll76490000?3d49eb55?Aug?02?10:15:49?2002?C:\Windows\System32\kernel.appcore.dll74b60000?C:\Windows\SYSTEM32\VERSION.dll79a40000?5f7e61bb?Oct?08?08:47:55?2020?C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll76650000?1e757656?Mar?12?20:28:06?1986?C:\Windows\System32\USER32.dll764d0000?55cf9768?Aug?16?03:47:52?2015?C:\Windows\System32\win32u.dll75480000?1baae673?Sep?16?20:15:47?1984?C:\Windows\System32\GDI32.dll764f0000?C:\Windows\System32\gdi32full.dll7a210000?5bac17e1?Sep?27?07:36:01?2018?C:\Windows\SYSTEM32\ucrtbase_clr0400.dll7a1f0000?5bac17e5?Sep?27?07:36:05?2018?C:\Windows\SYSTEM32\VCRUNTIME140_CLR0400.dll75810000?C:\Windows\System32\msvcp_win.dll77500000?73123758?Mar?06?22:27:36?2031?C:\Windows\System32\ucrtbase.dll764a0000?39046a45?Apr?24?23:37:41?2000?C:\Windows\System32\IMM32.DLL7a2c0000?5f7e60f6?Oct?08?08:44:38?2020?C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\218db16dceaef380c6daf35c6a48f313\mscorlib.ni.dll762a0000?4f8dda94?Apr?18?05:03:16?2012?C:\Windows\System32\ole32.dll754b0000?2f680839?Mar?16?17:43:21?1995?C:\Windows\System32\combase.dll76b80000?C:\Windows\System32\bcryptPrimitives.dll7b6d0000?5f7e60c1?Oct?08?08:43:45?2020?C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll77750000?C:\Windows\System32\OLEAUT32.dllSubSystemData:?????00000000ProcessHeap:???????006e0000ProcessParameters:?006e29b8CurrentDirectory:??'C:\Windows\system32\'WindowTitle:??'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'ImageFile:????'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'CommandLine:??'D:\net5\ConsoleApp4\ConsoleApp1\bin\Debug\ConsoleApp1.exe'DllPath:??????'<?Name?not?readable?>'Environment:??006e0b80=::=::\ALLUSERSPROFILE=C:\ProgramDataAPPDATA=C:\Users\Administrator\AppData\RoamingASPNETCORE_ENVIRONMENT=DevelopmentCLASSPATH=.;C:\Program?Files\Java\jdk1.8.0_121\lib\dt.jar;C:\Program?Files\Java\jdk1.8.0_121\lib\tools.jar;CommonProgramFiles=C:\Program?Files?(x86)\Common?FilesCommonProgramFiles(x86)=C:\Program?Files?(x86)\Common?FilesCommonProgramW6432=C:\Program?Files\Common?FilesCOMPUTERNAME=SD-20210607OIBMComSpec=C:\Windows\system32\cmd.exeDBGENG_OVERRIDE_DBGSRV_PATH=C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps\Microsoft.WinDbg_8wekyb3d8bbwe\dbgsrv32.exeDBGHELP_HOMEDIR=C:\ProgramData\DbgDriverData=C:\Windows\System32\Drivers\DriverDataHOMEDRIVE=C:HOMEPATH=\Users\AdministratorJAVA_HOME=C:\Program?Files\Java\jdk1.8.0_121LOCALAPPDATA=C:\Users\Administrator\AppData\LocalLOGONSERVER=\\SD-20210607OIBMMOZ_PLUGIN_PATH=C:\Program?Files?(x86)\Foxit?Software\Foxit?Reader\plugins\NUMBER_OF_PROCESSORS=12OneDrive=C:\Users\Administrator\OneDriveOS=Windows_NTPath=C:\Program?Files\WindowsApps\Microsoft.WinDbg_1.2107.13001.0_neutral__8wekyb3d8bbwe\x86;C:\Program?Files\WindowsApps\Microsoft.WinDbg_1.2107.13001.0_neutral__8wekyb3d8bbwe\amd64;C:\Program?Files?(x86)\VMware\VMware?Workstation\bin\;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Program?Files?(x86)\NVIDIA?Corporation\PhysX\Common;C:\Program?Files\NVIDIA?Corporation\NVIDIA?NvDLISR;C:\Program?Files\dotnet\;C:\Program?Files\Microsoft?SQL?Server\Client?SDK\ODBC\170\Tools\Binn\;C:\Program?Files\Git\cmd;C:\soft\procdump;C:\Program?Files\Java\jdk1.8.0_121\bin;C:\Program?Files\Java\jdk1.8.0_121\jre\bin;C:\Program?Files\nodejs\;C:\Program?Files?(x86)\Microsoft?SQL?Server\150\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\150\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\150\DTS\Binn\;C:\Program?Files?(x86)\Microsoft?SQL?Server\150\DTS\Binn\;C:\Program?Files\Azure?Data?Studio\bin;C:\Program?Files?(x86)\Microsoft?SQL?Server\100\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\100\Tools\Binn\;C:\Program?Files\Microsoft?SQL?Server\100\DTS\Binn\;C:\Program?Files?(x86)\Microsoft?SQL?Server\100\Tools\Binn\VSShell\Common7\IDE\;C:\Program?Files?(x86)\Microsoft?Visual?Studio?9.0\Common7\IDE\PrivateAssemblies\;C:\Program?Files?(x86)\Microsoft?SQL?Server\100\DTS\Binn\;C:\Program?Files?(x86)\Visual?Leak?Detector\bin\Win32;C:\Program?Files?(x86)\Visual?Leak?Detector\bin\Win64;C:\Program?Files\TortoiseGit\bin;C:\Program?Files\Microsoft\Web?Platform?Installer\;C:\soft\nginx;C:\Program?Files?(x86)\dotnet\;C:\Program?Files?(x86)\NetSarang\Xshell?7\;C:\Users\Administrator\AppData\Local\Microsoft\WindowsApps;C:\Users\Administrator\.dotnet\tools;C:\Users\Administrator\AppData\Local\Programs\Microsoft?VS?Code\bin;C:\Users\Administrator\AppData\Roaming\npmPATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSCPROCESSOR_ARCHITECTURE=x86PROCESSOR_ARCHITEW6432=AMD64PROCESSOR_IDENTIFIER=Intel64?Family?6?Model?165?Stepping?2,?GenuineIntelPROCESSOR_LEVEL=6PROCESSOR_REVISION=a502ProgramData=C:\ProgramDataProgramFiles=C:\Program?Files?(x86)ProgramFiles(x86)=C:\Program?Files?(x86)ProgramW6432=C:\Program?FilesPSModulePath=C:\Program?Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program?Files?(x86)\Microsoft?SQL?Server\150\Tools\PowerShell\Modules\PUBLIC=C:\Users\PublicSRCSRV_SHOW_TF_PROMPT=1SystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\ADMINI~1\AppData\Local\TempTMP=C:\Users\ADMINI~1\AppData\Local\TempUSERDOMAIN=SD-20210607OIBMUSERDOMAIN_ROAMINGPROFILE=SD-20210607OIBMUSERNAME=AdministratorUSERPROFILE=C:\Users\Administratorwindir=C:\WindowsWXDRIVE_START_ARGS=--wxdrive-setting=0?--disable-gpu?--disable-software-rasterizer?--enable-features=NetworkServiceInProcessZES_ENABLE_SYSMAN=1哈哈,這信息是不是相當(dāng)多。。。。
4. 其他信息
很遺憾的是,我目前還不知道從 dump 中提取出當(dāng)前機(jī)器的內(nèi)存大小,如果有知道的,可以聊一聊。
總結(jié)
以上是生活随笔為你收集整理的如何从一个 C# 的 dump 中挖到机器相关的信息?的全部內(nèi)容,希望文章能夠幫你解決所遇到的問題。
- 上一篇: C#对象映射器之Mapster
- 下一篇: 如何获取当前C#程序所有线程的调用栈信息